Apt

Apt taxonomy generated by the site skill importer.

4 skills
analyzing-apt-group-with-mitre-navigator

by mukul975

analyzing-apt-group-with-mitre-navigator helps analysts map APT group techniques into MITRE ATT&CK Navigator layers for detection gap analysis, threat modeling, and repeatable threat intelligence workflows. It includes practical guidance for ATT&CK data lookup, layer generation, and comparing adversary TTP coverage.

Threat Modeling
Favorites: 0 | GitHub: 6.1k
hunting-advanced-persistent-threats

by mukul975

hunting-advanced-persistent-threats is a threat-hunting skill for detecting APT-style activity across endpoint, network, and memory telemetry. It helps analysts build hypothesis-driven hunts, map findings to MITRE ATT&CK, and turn threat intel into practical queries and investigation steps instead of ad hoc searches.

Threat Hunting
Favorites: 0 | GitHub: 0
detecting-stuxnet-style-attacks

by mukul975

The detecting-stuxnet-style-attacks skill helps defenders detect Stuxnet-like OT and ICS intrusion patterns, including PLC logic tampering, spoofed sensor data, engineering workstation compromise, and IT-to-OT lateral movement. Use it for threat hunting, incident triage, and process-integrity monitoring with protocol, host, and process evidence.

Threat Hunting
Favorites: 0 | GitHub: 0
analyzing-threat-actor-ttps-with-mitre-attack

by mukul975

The analyzing-threat-actor-ttps-with-mitre-attack skill helps map threat reports to MITRE ATT&CK tactics, techniques, and sub-techniques, build coverage views, and prioritize detection gaps. It includes a reporting template, ATT&CK references, and scripts for technique lookup and gap analysis, making it useful for CTI, SOC, detection engineering, and threat modeling.

Threat Modeling
Favorites: 0 | GitHub: 0